The unprecedented demands of the “new normal” have driven – and still drive – the need for enterprises to be more agile and efficient in their operations. Consequently, organizations are increasingly adopting new technologies in order to fulfill business goals. However, the proliferation of these technologies correspondingly increases the enterprise’s vulnerability to attack. The number of fronts to be defended by organizations today is on the increase and so are the associated threats, some of which are unpredictable and pose an unmanaged risk.
An important method for mitigating these threats and risks is the effective management and monitoring of user accounts with privileged access. Privilege can be defined as the rights a user account or process has within a computing system or network. Simply put, privilege defines what actions a user account or process can perform. A privileged account is a user account with elevated capabilities and access beyond what is obtained with standard user accounts. Threat actors, both external and internal, always seek to take control of privileged accounts or elevate their access to that of a privileged user as they can provide them with almost limitless access rights across an organization’s most critical systems and data. Forrester Research reports that 80% of security breaches involve compromised privileged credentials.
The recent attack on Twitter, in which employees with administrative access were targeted in a spear-phishing campaign, demonstrates what threat actors can do once they compromise privileged access. The cybercriminals used the compromised privileged access to traverse Twitter’s internal systems and controls and reach the tools used to manage accounts, ultimately taking control of high-profile accounts such as those belonging to Apple, Barack Obama, Bill Gates, and others. Following the attack, Twitter’s reputation took a major hit, with Twitter users beginning to question the authenticity of the tweets they read. Its stock price also dipped in the days following the cyberattack.
Privileged Access Management (PAM) refers to the cybersecurity strategies and technologies used to exert control over the elevated access and permissions for entities across an IT environment. PAM streamlines the authorization and control of privileged accounts, allowing organizations to maintain control and be safe from both intentional and unintentional privileged access abuse. PAM helps to reduce the chances of a security breach happening as well as limiting the scope of a breach should one occur by dismantling multiple points of the cyberattack chain requiring privileged access. It condenses the attack surface by limiting privileges for users and processes, diminishing the pathways for exploits.
Best practices for implementing privileged access management include:
- Enforce a privilege management policy that governs how accounts with privileged access are provisioned and de-provisioned and defines how these accounts are inventoried and classified. The inventory of privileged accounts must always be kept up to date.
- Apply the principle of least privilege over all entities in the IT environment: endpoint devices, user accounts, applications, processes, systems, etc.
- Separation of privileges as well as the separation of duties should be enforced. Administrative account requirements must be clearly separated from that of standard accounts. Among administrative accounts, privileged access should be granted based on individual functions and tasks.
- Segment networks and systems by defining different levels of trust, privilege sets, and needs. The higher the trust level, the more robust the security controls should be. This practice makes it easier to contain any potential breach to a particular segment.
- All privileged activity should be monitored, logged, and audited.
- Establish baselines for privileged user activities and privileged access to facilitate monitoring and prompt detection of deviations that meet a defined risk threshold.
- Strictly enforce password security best practices: centralize the security and management of all credentials, enforce robust password creation policies, prohibit password sharing, use single sign-on (SSO) authentication, change passwords at intervals that depend on their sensitivity, etc.
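The monitoring and baselining practices above can be made concrete with a small detector. The following is an added example, not code from the original article or from any PAM product: it learns a per-account baseline (hosts, actions, commands, working hours) from a set of privileged-session audit lines, then scores later activity against that baseline and flags events whose risk score meets a threshold. The log format, account names, hosts, risk weights and threshold are all constructed assumptions for illustration; an account with no baseline at all is treated as a finding rather than silently ignored.

```python
"""Added example: flag privileged-account activity that deviates from a learned baseline.

The audit-line format, account names, hosts, risk weights and threshold below are
constructed assumptions for illustration, not those of any real product.
"""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed audit lines from a hypothetical privileged-session recorder.
# Learning period: what "normal" looks like for each privileged account.
BASELINE_LOG = """\
2024-03-04T09:12:01Z host=db01 user=admin.jane action=sudo cmd=/usr/bin/systemctl
2024-03-04T10:40:15Z host=db02 user=admin.jane action=sudo cmd=/usr/bin/apt
2024-03-05T14:03:22Z host=db01 user=admin.jane action=sudo cmd=/usr/bin/systemctl
2024-03-04T02:00:04Z host=bk01 user=svc.backup action=cron cmd=/usr/bin/rsync
2024-03-05T02:00:05Z host=bk01 user=svc.backup action=cron cmd=/usr/bin/rsync
"""

# Detection period: a mix of routine activity and deviations (constructed).
OBSERVED_LOG = """\
2024-03-06T11:20:09Z host=db01 user=admin.jane action=sudo cmd=/usr/bin/systemctl
2024-03-06T23:48:51Z host=web07 user=admin.jane action=sudo cmd=/usr/sbin/useradd
2024-03-06T02:00:03Z host=bk01 user=svc.backup action=cron cmd=/usr/bin/rsync
2024-03-06T15:31:40Z host=bk01 user=svc.backup action=ssh cmd=/bin/bash
2024-03-06T12:05:17Z host=db01 user=admin.temp action=sudo cmd=/bin/bash
"""

LOG_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T(?P<hour>\d{2}):\d{2}:\d{2}Z) "
    r"host=(?P<host>\S+) user=(?P<user>\S+) action=(?P<action>\S+)"
    r"(?: cmd=(?P<cmd>\S+))?$"
)

# Assumed risk weights per deviation type; tune to the organization's appetite.
RISK_WEIGHTS = {"no_baseline": 5, "new_host": 3, "new_action": 3, "new_cmd": 2, "off_hours": 2}


@dataclass(frozen=True)
class Event:
    ts: str
    hour: int
    host: str
    user: str
    action: str
    cmd: Optional[str]


def parse_log(text: str) -> list:
    """Parse audit lines into Events; a malformed line is itself a finding, so fail loudly."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        m = LOG_RE.match(line)
        if m is None:
            raise ValueError(f"unparseable audit line: {line!r}")
        events.append(Event(m["ts"], int(m["hour"]), m["host"], m["user"], m["action"], m["cmd"]))
    return events


def build_baseline(events: list) -> dict:
    """Per-account sets of seen hosts/actions/commands plus the [earliest, latest] hour seen."""
    baseline = {}
    for e in events:
        b = baseline.setdefault(e.user, {"hosts": set(), "actions": set(), "cmds": set(), "hours": []})
        b["hosts"].add(e.host)
        b["actions"].add(e.action)
        if e.cmd is not None:
            b["cmds"].add(e.cmd)
        b["hours"].append(e.hour)
    for b in baseline.values():
        b["hours"] = (min(b["hours"]), max(b["hours"]))
    return baseline


def score_event(e: Event, baseline: dict) -> tuple:
    """Return (risk score, list of deviation reasons) for one event."""
    b = baseline.get(e.user)
    if b is None:  # unknown privileged account: no baseline to compare against
        return RISK_WEIGHTS["no_baseline"], ["no_baseline"]
    reasons = []
    if e.host not in b["hosts"]:
        reasons.append("new_host")
    if e.action not in b["actions"]:
        reasons.append("new_action")
    if e.cmd is not None and e.cmd not in b["cmds"]:
        reasons.append("new_cmd")
    lo, hi = b["hours"]
    if not lo <= e.hour <= hi:
        reasons.append("off_hours")
    return sum(RISK_WEIGHTS[r] for r in reasons), reasons


def detect_deviations(events: list, baseline: dict, threshold: int = 4) -> list:
    """Events whose score meets the threshold, as (event, score, reasons) tuples."""
    findings = []
    for e in events:
        score, reasons = score_event(e, baseline)
        if score >= threshold:
            findings.append((e, score, reasons))
    return findings


if __name__ == "__main__":
    bl = build_baseline(parse_log(BASELINE_LOG))
    for ev, score, why in detect_deviations(parse_log(OBSERVED_LOG), bl):
        print(f"{ev.ts} {ev.user}@{ev.host} score={score} reasons={','.join(why)}")
```

On the constructed input, the routine events score 0, the administrator's late-night login to an unfamiliar host running an unfamiliar command and the service account's interactive shell outside its cron window each score 7, and the account with no learned history is flagged on that basis alone. In a real deployment the baseline would be rebuilt on a rolling window and the weights reviewed against the organization's defined risk threshold.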
Securing privileged access is key to stopping cyberattacks and mitigating the associated risks. Organizations must implement the proactive controls of privileged access management everywhere – in the cloud, in applications, on the endpoint, in automated processes, and on systems in order to have some peace of mind in today’s increasingly dynamic environments.